Bug
Resolution: Unresolved
Important
rhel-security-selinux
On the GCP serial console we started seeing errors like:
19:00:50 centos10 systemd[1]: Started user@2024667211.service - User Manager for UID 2024667211.
Dec 11 19:00:50 centos10 systemd[1]: Started session-11.scope - Session 11 of User user_google_com.
Dec 11 19:00:50 centos10 systemd[1]: session-11.scope: Deactivated successfully.
The session would be terminated immediately after authentication.
Checking the audit logs, we noticed errors like:
type=AVC msg=audit(1765412557.361:121): avc: denied { dyntransition } for pid=4973 comm="sshd-session" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
So we confirmed whether the policy rule existed by running the command:
sesearch /etc/selinux/targeted/policy/policy.35 -A -s sshd_t -t unconfined_t -c process -p dyntransition
This returns the following on current CentOS Stream 10 images on GCP:
allow sshd_t unconfined_t:process dyntransition; [ unconfined_login ]:True
But rebuilt images with updated packages are missing this policy, which seems to be causing the issue with the SSH workflow.
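As an added illustration (not part of the bug report), the Python below parses an AVC record of the shape quoted above, derives the sesearch query that confirms the matching allow rule, and interprets sesearch output including the `[ boolean ]:State` suffix, so a denial can be classified as "rule missing", "rule present but boolean off" or "rule present and enabled". The sample lines are constructed from the report; the policy path is the one the report uses.

```python
import re

# Constructed sample lines, modelled on the AVC and sesearch output in the bug report.
AVC_LINE = ('type=AVC msg=audit(1765412557.361:121): avc: denied { dyntransition } for pid=4973 '
            'comm="sshd-session" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
            'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0')
RULE_LINE = 'allow sshd_t unconfined_t:process dyntransition; [ unconfined_login ]:True'

AVC_RE = re.compile(r'type=AVC .*?avc:\s+(?P<action>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# sesearch allow line: single perm or { perm set }, optionally qualified by a boolean and its state.
RULE_RE = re.compile(r'^allow\s+(?P<src>\S+)\s+(?P<tgt>\S+):(?P<cls>\S+)\s+'
                     r'(?:\{\s*(?P<perms>[^}]*?)\s*\}|(?P<perm>\S+?));'
                     r'(?:\s*\[\s*(?P<bool>.*?)\s*\]:(?P<state>True|False))?\s*$')

def parse_avc(line):
    """Return action, requested permissions and the key=value fields of one AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {'action': m.group('action'), 'perms': m.group('perms').split(), **fields}

def type_of(context):
    """user:role:type[:range] -> type, e.g. system_u:system_r:sshd_t:s0 -> sshd_t."""
    return context.split(':')[2]

def sesearch_command(avc, policy='/etc/selinux/targeted/policy/policy.35'):
    """Build the sesearch query that confirms whether the policy allows what was denied."""
    return (f"sesearch {policy} -A -s {type_of(avc['scontext'])} -t {type_of(avc['tcontext'])} "
            f"-c {avc['tclass']} -p {','.join(avc['perms'])}")

def parse_rule(line):
    """Parse one sesearch allow line into source, target, class, perms and boolean state."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    perms = m.group('perms').split() if m.group('perms') is not None else [m.group('perm')]
    enabled = None if m.group('state') is None else m.group('state') == 'True'
    return {'source': m.group('src'), 'target': m.group('tgt'), 'tclass': m.group('cls'),
            'perms': perms, 'boolean': m.group('bool'), 'enabled': enabled}

def diagnose(avc, rule_lines):
    """Match a denial against sesearch output and say why the access was refused."""
    want = (type_of(avc['scontext']), type_of(avc['tcontext']), avc['tclass'])
    for r in filter(None, map(parse_rule, rule_lines)):
        if (r['source'], r['target'], r['tclass']) == want and set(avc['perms']) <= set(r['perms']):
            if r['boolean'] is None or r['enabled']:
                return 'rule present and enabled in this policy file; compare against the loaded policy'
            return f"rule present but boolean {r['boolean']} is off"
    return 'rule missing from the policy'
```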